Today a flaw in how computers and USB devices talk to each other was released. Once an infected device is plugged into a computer via the USB cable, all your web traffic can be redirected to a hacker's servers - thus providing them with IDs and passwords for any website (or cloud based service) you use. This is accomplished by making your computer think the connected device is your connection to the internet. That infected device then injects itself and fakes the websites/pages you are attempting to visit and can capture your info.
Because the flaw is in the hardware (not the operating system), it'll be difficult for operating system vendors to come up with a fix/patch for this. In the mean time always make sure you know what devices you are plugging into your computer and be suspect of any 3rd party devices.
For more details or to see a demo of the flaw - read this BBC article and watch the video..